(self)
| 3246 | |
| 3247 | @requires_tls_version('TLSv1_3') |
| 3248 | def test_wrong_cert_tls13(self): |
| 3249 | client_context, server_context, hostname = testing_context() |
| 3250 | # load client cert that is not signed by trusted CA |
| 3251 | client_context.load_cert_chain(CERTFILE) |
| 3252 | server_context.verify_mode = ssl.CERT_REQUIRED |
| 3253 | server_context.minimum_version = ssl.TLSVersion.TLSv1_3 |
| 3254 | client_context.minimum_version = ssl.TLSVersion.TLSv1_3 |
| 3255 | |
| 3256 | server = ThreadedEchoServer( |
| 3257 | context=server_context, chatty=True, connectionchatty=True, |
| 3258 | ) |
| 3259 | with server, \ |
| 3260 | client_context.wrap_socket(socket.socket(), |
| 3261 | server_hostname=hostname, |
| 3262 | suppress_ragged_eofs=False) as s: |
| 3263 | s.connect((HOST, server.port)) |
| 3264 | with self.assertRaisesRegex( |
| 3265 | OSError, |
| 3266 | 'alert unknown ca|EOF occurred|TLSV1_ALERT_UNKNOWN_CA|' |
| 3267 | 'closed by the remote host|Connection reset by peer|' |
| 3268 | 'Broken pipe' |
| 3269 | ): |
| 3270 | # TLS 1.3 perform client cert exchange after handshake |
| 3271 | s.write(b'data') |
| 3272 | s.read(1000) |
| 3273 | s.write(b'should have failed already') |
| 3274 | s.read(1000) |
| 3275 | |
| 3276 | def test_rude_shutdown(self): |
| 3277 | """A brutal shutdown of an SSL server should raise an OSError |
nothing calls this directly
no test coverage detected